Malware Spreading through Vulnerability in Linksys Routers

Techlicious editors independently review products. To help support our mission, we may earn affiliate commissions from links contained on this page.

Owners of Linksys routers are being on notice: A new piece of malware called “The Moon” is targeting and infecting Linksys router firmware to help it spread.

Last week, the Internet Storm Center (ISC) first reported that a worm named The Moon was targeting and spreading through vulnerabilities present in Linksys routers. In the days since, security researchers have been analyzing the malware and working on a fix.

According to the ISC, potentially vulnerable router models include: the Linksys E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000 and E900. This list may not be complete.

“Linksys is aware of the malware called ‘The Moon’ that has affected select older Linksys E-Series routers and select older Wireless-N access points and routers. The exploit to bypass the admin authentication used by the worm only works when the Remote Management Access feature is enabled. Linksys ships these products with the Remote Management Access feature turned off by default.”

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.